From f9bfe97cb107e5a9e1941f314c6b394966ce55e2 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Fri, 25 Oct 2024 16:06:52 -0400 Subject: [PATCH] actors: add FirewalldIptablesModules This actor will check if firewalld is using iptables, if so it will cause kernel-module-extra to be installed. --- .../actors/firewalldiptablesmodules/actor.py | 42 ++++++++++++++++ .../tests/unit_tests.py | 49 +++++++++++++++++++ 2 files changed, 91 insertions(+) create mode 100644 repos/system_upgrade/el9toel10/actors/firewalldiptablesmodules/actor.py create mode 100644 repos/system_upgrade/el9toel10/actors/firewalldiptablesmodules/tests/unit_tests.py diff --git a/repos/system_upgrade/el9toel10/actors/firewalldiptablesmodules/actor.py b/repos/system_upgrade/el9toel10/actors/firewalldiptablesmodules/actor.py new file mode 100644 index 0000000000..9fa0ea2dd3 --- /dev/null +++ b/repos/system_upgrade/el9toel10/actors/firewalldiptablesmodules/actor.py @@ -0,0 +1,42 @@ +from leapp.actors import Actor +from leapp.models import ( + FirewalldDirectConfig + FirewalldGlobalConfig, + FirewallsFacts, + RpmTransactionTasks, +) +from leapp.tags import ChecksPhaseTag, IPUWorkflowTag + + +class FirewalldIptablesModules(Actor): + """ + This actor cause kernel-modules-extra to be installed if firewalld is using + iptables. + """ + + name = 'firewalld_iptables_modules' + consumes = (FirewallsFacts, FirewalldGlobalConfig, FirewalldDirectConfig) + produces = (RpmTransactionTasks,) + tags = (ChecksPhaseTag, IPUWorkflowTag) + + def process(self): + # If firewalld is not enabled then don't bother the user about its + # configuration. + for facts in self.consume(FirewallsFacts): + if not facts.firewalld.enabled: + return + + flag = False + + for config in self.consume(FirewalldGlobalConfig): + if config.firewallbackend == "iptables": + flag = True + break + + for config in self.consume(FirewalldDirectConfig): + if config.has_permanent_configuration: + flag = True + break + + if flag: + self.produce(RpmTransactionTasks(to_install=['kernel-modules-extra'])) diff --git a/repos/system_upgrade/el9toel10/actors/firewalldiptablesmodules/tests/unit_tests.py b/repos/system_upgrade/el9toel10/actors/firewalldiptablesmodules/tests/unit_tests.py new file mode 100644 index 0000000000..2ec2447a83 --- /dev/null +++ b/repos/system_upgrade/el9toel10/actors/firewalldiptablesmodules/tests/unit_tests.py @@ -0,0 +1,49 @@ +from leapp.models import ( + FirewalldDirectConfig, + FirewalldGlobalConfig, + FirewallsFacts, + FirewallStatus, + RpmTransactionTasks +) + + +def test_produce(current_actor_context): + status = FirewallStatus(enabled=True, active=True) + current_actor_context.feed(FirewallsFacts(firewalld=status, + iptables=status, + ip6tables=status)) + current_actor_context.feed(FirewalldGlobalConfig(firewallbackend='iptables')) + current_actor_context.run() + assert current_actor_context.consume(RpmTransactionTasks)[0].to_install[0] == 'kernel-modules-extra' + + +def test_produce_02(current_actor_context): + status = FirewallStatus(enabled=True, active=True) + current_actor_context.feed(FirewallsFacts(firewalld=status, + iptables=status, + ip6tables=status)) + current_actor_context.feed(FirewalldDirectConfig(has_permanent_configuration=True)) + current_actor_context.run() + assert current_actor_context.consume(RpmTransactionTasks)[0].to_install[0] == 'kernel-modules-extra' + + +def test_no_produce_negative(current_actor_context): + current_actor_context.feed(FirewalldGlobalConfig()) + current_actor_context.run() + assert not current_actor_context.consume(RpmTransactionTasks) + + +def test_no_produce_negative_02(current_actor_context): + status = FirewallStatus(enabled=False, active=True) + current_actor_context.feed(FirewallsFacts(firewalld=status, + iptables=status, + ip6tables=status)) + current_actor_context.feed(FirewalldGlobalConfig(firewallbackend='iptables')) + current_actor_context.run() + assert not current_actor_context.consume(RpmTransactionTasks) + + +def test_no_produce_negative_03(current_actor_context): + current_actor_context.feed(FirewalldDirectConfig()) + current_actor_context.run() + assert not current_actor_context.consume(RpmTransactionTasks)